wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[RequireValidatedEmail] Only check current user posts

Browse Source 
This check made registration impossible when welcomeuser didn't have validation
as well.

And rename the "grandfatherCutoff" option to "exemptBefore".
"Grandfathering" is a relatively obscure term linked to the history of the
United States of America, so replace that with something self-descriptive.
This commit is contained in:
Alexei Sorokin 2020-08-09 23:58:25 +03:00 committed by Diogo Peralta Cordeiro
parent 2de195d20c
commit 024f5fe3a8
3 changed files with 67 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
plugins/RequireValidatedEmail/README
View File

@ -1,30 +0,0 @@
This plugin disables posting for accounts that do not have a
validated email address.
Example:
addPlugin('RequireValidatedEmail');
If you don't want to apply the validationr equirement to existing
accounts, you can specify a cutoff date to grandfather in users
registered prior to that timestamp.
addPlugin('RequireValidatedEmail',
array('grandfatherCutoff' => 'Dec 7, 2009');
You can also exclude the validation checks from OpenID accounts
connected to a trusted provider, by providing a list of regular
expressions to match their provider URLs.
For example, to trust WikiHow and Wikipedia users:
addPlugin('RequireValidatedEmailPlugin', array(
'trustedOpenIDs' => array(
'!^http://\w+\.wikihow\.com/!',
'!^http://\w+\.wikipedia\.org/!',
),
));
Todo:
* add a more visible indicator that validation is still outstanding
* test with XMPP, API posting

33
plugins/RequireValidatedEmail/README.md Normal file
View File

@ -0,0 +1,33 @@
This plugin disables posting for accounts that do not have a
validated email address.
Example:
```
addPlugin('RequireValidatedEmail');
```
If you don't want to apply the validation equirement to existing accounts, you
can specify a date users registered before which are exempted from validation.
```
addPlugin('RequireValidatedEmail', [
'exemptBefore' => '2009-12-07',
]);
```
You can also exclude the validation checks from OpenID accounts
connected to a trusted provider, by providing a list of regular
expressions to match their provider URLs.
For example, to trust WikiHow and Wikipedia users:
```
addPlugin('RequireValidatedEmailPlugin', [
'trustedOpenIDs' => [
'!^https?://\w+\.wikihow\.com/!',
'!^https?://\w+\.wikipedia\.org/!',
],
]);
```
Todo:
* add a more visible indicator that validation is still outstanding
* test with XMPP, API posting

55
plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php
View File

@ -44,9 +44,11 @@ class RequireValidatedEmailPlugin extends Plugin
const PLUGIN_VERSION = '2.0.0'; const PLUGIN_VERSION = '2.0.0';
/** /**
* Users created before this time will be grandfathered in * Users created before this date will be exempted
* without the validation requirement. * without the validation requirement.
*/ */
public $exemptBefore = null;
// Alternative more obscure term for exemption dates
public $grandfatherCutoff = null; public $grandfatherCutoff = null;
/** /**
@ -56,14 +58,14 @@ class RequireValidatedEmailPlugin extends Plugin
* *
* For example, to trust WikiHow and Wikipedia OpenID users: * For example, to trust WikiHow and Wikipedia OpenID users:
* *
* addPlugin('RequireValidatedEmailPlugin', array( * addPlugin('RequireValidatedEmailPlugin', [
* 'trustedOpenIDs' => array( * 'trustedOpenIDs' => [
* '!^http://\w+\.wikihow\.com/!', * '!^https?://\w+\.wikihow\.com/!',
* '!^http://\w+\.wikipedia\.org/!', * '!^https?://\w+\.wikipedia\.org/!',
* ), * ],
* )); * ]);
*/ */
public $trustedOpenIDs = array(); public $trustedOpenIDs = [];
/** /**
* Whether or not to disallow login for unvalidated users. * Whether or not to disallow login for unvalidated users.
@ -95,6 +97,12 @@ class RequireValidatedEmailPlugin extends Plugin
return true; return true;
} }
$user = $author->getUser(); $user = $author->getUser();
if ($user !== common_current_user()) {
// Not the current user, must be legitimate (like welcomeuser)
return true;
}
if (!$this->validated($user)) { if (!$this->validated($user)) {
// TRANS: Client exception thrown when trying to post notices before validating an e-mail address. // TRANS: Client exception thrown when trying to post notices before validating an e-mail address.
$msg = _m('You must validate your email address before posting.'); $msg = _m('You must validate your email address before posting.');
@ -124,20 +132,22 @@ class RequireValidatedEmailPlugin extends Plugin
} }
/** /**
* Check if a user has a validated email address or has been * Check if a user has a validated email address or was
* otherwise grandfathered in. * otherwise exempted.
* *
* @param User $user User to valide * @param User $user User to valide
* *
* @return bool * @return bool
*/ */
protected function validated(User $user) protected function validated(User $user): bool
{ {
// The email field is only stored after validation... // The email field is only stored after validation...
// Until then you'll find them in confirm_address. // Until then you'll find them in confirm_address.
$knownGood = !empty($user->email) || $knownGood = (
$this->grandfathered($user) || !empty($user->email)
$this->hasTrustedOpenID($user); || $this->exempted($user)
|| $this->hasTrustedOpenID($user)
);
// Give other plugins a chance to override, if they can validate // Give other plugins a chance to override, if they can validate
// that somebody's ok despite a non-validated email. // that somebody's ok despite a non-validated email.
@ -152,19 +162,22 @@ class RequireValidatedEmailPlugin extends Plugin
} }
/** /**
* Check if a user was created before the grandfathering cutoff. * Check if a user was created before the exemption date.
* If so, we won't need to check for validation. * If so, we won't need to check for validation.
* *
* @param User $user User to check * @param User $user User to check
* *
* @return bool true if user is grandfathered * @return bool true if user is exempted
*/ */
protected function grandfathered(User $user) protected function exempted(User $user): bool
{ {
if ($this->grandfatherCutoff) { $exempt_before = ($this->exemptBefore ?? $this->grandfatherCutoff);
$created = strtotime($user->created . " GMT");
$cutoff = strtotime($this->grandfatherCutoff); if (!empty($exempt_before)) {
if ($created < $cutoff) { $utc_timezone = new DateTimeZone('UTC');
$created_date = new DateTime($user->created, $utc_timezone);
$exempt_date = new DateTime($exempt_before, $utc_timezone);
if ($created_date < $exempt_date) {
return true; return true;
} }
} }